diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index aae6bd78db6f07bb5b4b2d0a9aa73cbe5c41ab8a..dfd56ae6ed8fe364a2130a4a91c93b45be06cd2c 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -617,6 +617,12 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
 s->peak.level = 0;
 } else if (tag == -PeakLevel && s->peak.offset) {
 s->peak.level = data;
+ if (s->peak.offset < 4 - bytestream2_tell(&s->peak.base) ||
+ s->peak.offset > 4 + bytestream2_get_bytes_left(&s->peak.base)
+ ) {
+ ret = AVERROR_INVALIDDATA;
+ goto end;
+ }
 bytestream2_seek(&s->peak.base, s->peak.offset - 4, SEEK_CUR);
 } else
 av_log(avctx, AV_LOG_DEBUG, "Unknown tag %i data %x\n", tag, data);
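Review bot: The upper-bound test `s->peak.offset > 4 + bytestream2_get_bytes_left(&s->peak.base)` depends on the helper's return type, which is not visible in this hunk. If it is unsigned, a negative `s->peak.offset` that passed the first test is converted to a large unsigned value and rejected, so a backward seek within the buffer would always yield `AVERROR_INVALIDDATA`. Casting keeps both bounds in signed arithmetic: `s->peak.offset > 4 + (int)bytestream2_get_bytes_left(&s->peak.base)`. The constant 4 appears three times without explanation, so a one-line comment above the `if` should say what it accounts for and that the check keeps the `SEEK_CUR` target inside `peak.base`. `s->peak.level = data;` is also stored before the validation; moving it below the check would leave the peak state untouched for rejected input, assuming nothing after `end:` relies on it. The body of cfhd_decode continues outside the hunk.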